From patchwork Tue Aug 18 15:54:56 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Ahern <dsa@cumulusnetworks.com>
X-Patchwork-Id: 508368
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id A41D21402B5
	for <patchwork-incoming@ozlabs.org>;
	Wed, 19 Aug 2015 01:56:02 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=cumulusnetworks.com
	header.i=@cumulusnetworks.com header.b=CWGBpMm5;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753442AbbHRPzv (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Tue, 18 Aug 2015 11:55:51 -0400
Received: from mail-ig0-f180.google.com ([209.85.213.180]:36717 "EHLO
	mail-ig0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753429AbbHRPzs (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 18 Aug 2015 11:55:48 -0400
Received: by igxp17 with SMTP id p17so84172967igx.1
	for <netdev@vger.kernel.org>; Tue, 18 Aug 2015 08:55:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=cumulusnetworks.com; s=google;
	h=from:to:cc:subject:date:message-id;
	bh=/KGgI9o0mLHy+g7Ob2N+0OYzVJUrzWgRamr0C8oHezM=;
	b=CWGBpMm5thfrQ9rdAPbWAMkk22p8WFdww70UapH33aIQKnT+ALLKct4FBrdTLD3Tfu
	splfP+q523LuPet8HrQlfa/jSgA9uGV/xZGLbULCxUASzfwFidU6naFoK3U+wzzgQBxP
	XAZvWFX+LiKCCIft3Xs5SlCxANYqTJaGRnXls=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=/KGgI9o0mLHy+g7Ob2N+0OYzVJUrzWgRamr0C8oHezM=;
	b=R78g3dV8agYAj+HOfRFDm7SkFAuP1NJIEx5lPQL1a7eRmyf5o6GnTkR1K9kQycB7Vk
	n9lDMDx5LIqsTcNlz9y2b1/qIrlDO0X1our/EGGNnMF6EJYyLpuqK6M2wUySAfZpLsiO
	s192a1F16k5JgDgUb5VY3J3FpWRbChTX5Ewk7ALtju8uN60OWRmAt6yQwBZZl1J8GXuu
	8WLa4VxOtex5cOXxQ7GQt2e2ZPa0j96BNsEHJXx3jD/NPd50Die+VXQzyUQjNN5K3w7X
	B2jtJ+ruYzwCvZZTvgD+zcXeMNJJnXncu2O1w259Z5PPUyB0U8PhgQxPzO4XJ2hQZgch
	Ji4g==
X-Gm-Message-State: 
 ALoCoQnPq9AerXAUcf9rqfI9jlg0Jgv/FcwaGgf4l18BuW6An93V+P4dJF1COkTivHJIXDrpZ0AP
X-Received: by 10.50.43.134 with SMTP id w6mr23010711igl.74.1439913346516;
	Tue, 18 Aug 2015 08:55:46 -0700 (PDT)
Received: from localhost.localdomain (c-174-51-80-140.hsd1.co.comcast.net.
	[174.51.80.140]) by smtp.googlemail.com with ESMTPSA id
	qc6sm3340296igc.1.2015.08.18.08.55.45
	(version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 18 Aug 2015 08:55:45 -0700 (PDT)
From: David Ahern <dsa@cumulusnetworks.com>
To: steffen.klassert@secunet.com, netdev@vger.kernel.org
Cc: David Ahern <dsa@cumulusnetworks.com>
Subject: [PATCH ipsec-next] xfrm: Use VRF master index if output device is
	enslaved
Date: Tue, 18 Aug 2015 09:54:56 -0600
Message-Id: <1439913296-6026-1-git-send-email-dsa@cumulusnetworks.com>
X-Mailer: git-send-email 2.3.2 (Apple Git-55)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Directs route lookups to VRF table. Compiles out if NET_VRF is not
enabled. With this patch able to successfully bring up ipsec tunnels
in VRFs, even with duplicate network configuration (IPv4 tested).

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
---
 net/ipv4/xfrm4_policy.c | 7 +++++--
 net/ipv6/xfrm6_policy.c | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 55b3c0f4dde5..35757f6af2d5 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -15,6 +15,7 @@
 #include <net/dst.h>
 #include <net/xfrm.h>
 #include <net/ip.h>
+#include <net/vrf.h>
 
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
 
@@ -107,8 +108,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 	struct flowi4 *fl4 = &fl->u.ip4;
 	int oif = 0;
 
-	if (skb_dst(skb))
-		oif = skb_dst(skb)->dev->ifindex;
+	if (skb_dst(skb)) {
+		oif = vrf_master_ifindex_rcu(skb_dst(skb)->dev) ?
+			: skb_dst(skb)->dev->ifindex;
+	}
 
 	memset(fl4, 0, sizeof(struct flowi4));
 	fl4->flowi4_mark = skb->mark;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index a74013d3eceb..4a88b89becf5 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -20,6 +20,7 @@
 #include <net/ip.h>
 #include <net/ipv6.h>
 #include <net/ip6_route.h>
+#include <net/vrf.h>
 #if IS_ENABLED(CONFIG_IPV6_MIP6)
 #include <net/mip6.h>
 #endif
@@ -131,8 +132,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
 
 	nexthdr = nh[nhoff];
 
-	if (skb_dst(skb))
-		oif = skb_dst(skb)->dev->ifindex;
+	if (skb_dst(skb)) {
+		oif = vrf_master_ifindex_rcu(skb_dst(skb)->dev) ?
+			: skb_dst(skb)->dev->ifindex;
+	}
 
 	memset(fl6, 0, sizeof(struct flowi6));
 	fl6->flowi6_mark = skb->mark;